cipher.h source code [flutter_engine/third_party/boringssl/src/include/openssl/cipher.h]

1	/ Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)*
2	* All rights reserved.
3	*
4	* This package is an SSL implementation written
5	* by Eric Young (eay@cryptsoft.com).
6	* The implementation was written so as to conform with Netscapes SSL.
7	*
8	* This library is free for commercial and non-commercial use as long as
9	* the following conditions are aheared to. The following conditions
10	* apply to all code found in this distribution, be it the RC4, RSA,
11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
12	* included with this distribution is covered by the same copyright terms
13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
14	*
15	* Copyright remains Eric Young's, and as such any Copyright notices in
16	* the code are not to be removed.
17	* If this package is used in a product, Eric Young should be given attribution
18	* as the author of the parts of the library used.
19	* This can be in the form of a textual message at program startup or
20	* in documentation (online or textual) provided with the package.
21	*
22	* Redistribution and use in source and binary forms, with or without
23	* modification, are permitted provided that the following conditions
24	* are met:
25	* 1. Redistributions of source code must retain the copyright
26	* notice, this list of conditions and the following disclaimer.
27	* 2. Redistributions in binary form must reproduce the above copyright
28	* notice, this list of conditions and the following disclaimer in the
29	* documentation and/or other materials provided with the distribution.
30	* 3. All advertising materials mentioning features or use of this software
31	* must display the following acknowledgement:
32	* "This product includes cryptographic software written by
33	* Eric Young (eay@cryptsoft.com)"
34	* The word 'cryptographic' can be left out if the rouines from the library
35	* being used are not cryptographic related :-).
36	* 4. If you include any Windows specific code (or a derivative thereof) from
37	* the apps directory (application code) you must include an acknowledgement:
38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39	*
40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50	* SUCH DAMAGE.
51	*
52	* The licence and distribution terms for any publically available version or
53	* derivative of this code cannot be changed. i.e. this code cannot simply be
54	* copied and put under another distribution licence
55	* [including the GNU Public Licence.] */
56
57	#ifndef OPENSSL_HEADER_CIPHER_H
58	#define OPENSSL_HEADER_CIPHER_H
59
60	#include <openssl/base.h>
61
62	#if defined(__cplusplus)
63	extern "C" {
64	#endif
65
66
67	// Ciphers.
68
69
70	// Cipher primitives.
71	//
72	// The following functions return \|EVP_CIPHER\| objects that implement the named
73	// cipher algorithm.
74
75	OPENSSL_EXPORT const EVP_CIPHER EVP_rc4(void*);
76
77	OPENSSL_EXPORT const EVP_CIPHER EVP_des_cbc(void*);
78	OPENSSL_EXPORT const EVP_CIPHER EVP_des_ecb(void*);
79	OPENSSL_EXPORT const EVP_CIPHER EVP_des_ede(void*);
80	OPENSSL_EXPORT const EVP_CIPHER EVP_des_ede3(void*);
81	OPENSSL_EXPORT const EVP_CIPHER EVP_des_ede_cbc(void*);
82	OPENSSL_EXPORT const EVP_CIPHER EVP_des_ede3_cbc(void*);
83
84	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_128_ecb(void*);
85	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_128_cbc(void*);
86	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_128_ctr(void*);
87	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_128_ofb(void*);
88
89	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_ecb(void*);
90	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_cbc(void*);
91	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_ctr(void*);
92	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_ofb(void*);
93	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_xts(void*);
94
95	// EVP_enc_null returns a 'cipher' that passes plaintext through as
96	// ciphertext.
97	OPENSSL_EXPORT const EVP_CIPHER EVP_enc_null(void*);
98
99	// EVP_rc2_cbc returns a cipher that implements 128-bit RC2 in CBC mode.
100	OPENSSL_EXPORT const EVP_CIPHER EVP_rc2_cbc(void*);
101
102	// EVP_rc2_40_cbc returns a cipher that implements 40-bit RC2 in CBC mode. This
103	// is obviously very, very weak and is included only in order to read PKCS#12
104	// files, which often encrypt the certificate chain using this cipher. It is
105	// deliberately not exported.
106	const EVP_CIPHER EVP_rc2_40_cbc(void*);
107
108	// EVP_get_cipherbynid returns the cipher corresponding to the given NID, or
109	// NULL if no such cipher is known. Note using this function links almost every
110	// cipher implemented by BoringSSL into the binary, whether the caller uses them
111	// or not. Size-conscious callers, such as client software, should not use this
112	// function.
113	OPENSSL_EXPORT const EVP_CIPHER EVP_get_cipherbynid(int* nid);
114
115
116	// Cipher context allocation.
117	//
118	// An \|EVP_CIPHER_CTX\| represents the state of an encryption or decryption in
119	// progress.
120
121	// EVP_CIPHER_CTX_init initialises an, already allocated, \|EVP_CIPHER_CTX\|.
122	OPENSSL_EXPORT void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx);
123
124	// EVP_CIPHER_CTX_new allocates a fresh \|EVP_CIPHER_CTX\|, calls
125	// \|EVP_CIPHER_CTX_init\| and returns it, or NULL on allocation failure.
126	OPENSSL_EXPORT EVP_CIPHER_CTX EVP_CIPHER_CTX_new(void*);
127
128	// EVP_CIPHER_CTX_cleanup frees any memory referenced by \|ctx\|. It returns
129	// one.
130	OPENSSL_EXPORT int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx);
131
132	// EVP_CIPHER_CTX_free calls \|EVP_CIPHER_CTX_cleanup\| on \|ctx\| and then frees
133	// \|ctx\| itself.
134	OPENSSL_EXPORT void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx);
135
136	// EVP_CIPHER_CTX_copy sets \|out\| to be a duplicate of the current state of
137	// \|in\|. The \|out\| argument must have been previously initialised.
138	OPENSSL_EXPORT int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out,
139	const EVP_CIPHER_CTX *in);
140
141	// EVP_CIPHER_CTX_reset calls \|EVP_CIPHER_CTX_cleanup\| followed by
142	// \|EVP_CIPHER_CTX_init\| and returns one.
143	OPENSSL_EXPORT int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
144
145
146	// Cipher context configuration.
147
148	// EVP_CipherInit_ex configures \|ctx\| for a fresh encryption (or decryption, if
149	// \|enc\| is zero) operation using \|cipher\|. If \|ctx\| has been previously
150	// configured with a cipher then \|cipher\|, \|key\| and \|iv\| may be \|NULL\| and
151	// \|enc\| may be -1 to reuse the previous values. The operation will use \|key\|
152	// as the key and \|iv\| as the IV (if any). These should have the correct
153	// lengths given by \|EVP_CIPHER_key_length\| and \|EVP_CIPHER_iv_length\|. It
154	// returns one on success and zero on error.
155	OPENSSL_EXPORT int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
156	const EVP_CIPHER cipher, ENGINE engine,
157	const uint8_t key, const* uint8_t *iv,
158	int enc);
159
160	// EVP_EncryptInit_ex calls \|EVP_CipherInit_ex\| with \|enc\| equal to one.
161	OPENSSL_EXPORT int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
162	const EVP_CIPHER cipher, ENGINE impl,
163	const uint8_t key, const* uint8_t *iv);
164
165	// EVP_DecryptInit_ex calls \|EVP_CipherInit_ex\| with \|enc\| equal to zero.
166	OPENSSL_EXPORT int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
167	const EVP_CIPHER cipher, ENGINE impl,
168	const uint8_t key, const* uint8_t *iv);
169
170
171	// Cipher operations.
172
173	// EVP_EncryptUpdate encrypts \|in_len\| bytes from \|in\| to \|out\|. The number
174	// of output bytes may be up to \|in_len\| plus the block length minus one and
175	// \|out\| must have sufficient space. The number of bytes actually output is
176	// written to \|out_len\|. It returns one on success and zero otherwise.*
177	//
178	// If \|ctx\| is an AEAD cipher, e.g. \|EVP_aes_128_gcm\|, and \|out\| is NULL, this
179	// function instead adds \|in_len\| bytes from \|in\| to the AAD and sets \|out_len\|*
180	// to \|in_len\|. The AAD must be fully specified in this way before this function
181	// is used to encrypt plaintext.
182	OPENSSL_EXPORT int EVP_EncryptUpdate(EVP_CIPHER_CTX ctx, uint8_t out,
183	int out_len, const* uint8_t *in,
184	int in_len);
185
186	// EVP_EncryptFinal_ex writes at most a block of ciphertext to \|out\| and sets
187	// \|out_len\| to the number of bytes written. If padding is enabled (the*
188	// default) then standard padding is applied to create the final block. If
189	// padding is disabled (with \|EVP_CIPHER_CTX_set_padding\|) then any partial
190	// block remaining will cause an error. The function returns one on success and
191	// zero otherwise.
192	OPENSSL_EXPORT int EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, uint8_t out,
193	int *out_len);
194
195	// EVP_DecryptUpdate decrypts \|in_len\| bytes from \|in\| to \|out\|. The number of
196	// output bytes may be up to \|in_len\| plus the block length minus one and \|out\|
197	// must have sufficient space. The number of bytes actually output is written
198	// to \|out_len\|. It returns one on success and zero otherwise.*
199	//
200	// If \|ctx\| is an AEAD cipher, e.g. \|EVP_aes_128_gcm\|, and \|out\| is NULL, this
201	// function instead adds \|in_len\| bytes from \|in\| to the AAD and sets \|out_len\|*
202	// to \|in_len\|. The AAD must be fully specified in this way before this function
203	// is used to decrypt ciphertext.
204	OPENSSL_EXPORT int EVP_DecryptUpdate(EVP_CIPHER_CTX ctx, uint8_t out,
205	int out_len, const* uint8_t *in,
206	int in_len);
207
208	// EVP_DecryptFinal_ex writes at most a block of ciphertext to \|out\| and sets
209	// \|out_len\| to the number of bytes written. If padding is enabled (the*
210	// default) then padding is removed from the final block.
211	//
212	// WARNING: it is unsafe to call this function with unauthenticated
213	// ciphertext if padding is enabled.
214	OPENSSL_EXPORT int EVP_DecryptFinal_ex(EVP_CIPHER_CTX ctx, uint8_t out,
215	int *out_len);
216
217	// EVP_CipherUpdate calls either \|EVP_EncryptUpdate\| or \|EVP_DecryptUpdate\|
218	// depending on how \|ctx\| has been setup.
219	OPENSSL_EXPORT int EVP_CipherUpdate(EVP_CIPHER_CTX ctx, uint8_t out,
220	int out_len, const* uint8_t *in,
221	int in_len);
222
223	// EVP_CipherFinal_ex calls either \|EVP_EncryptFinal_ex\| or
224	// \|EVP_DecryptFinal_ex\| depending on how \|ctx\| has been setup.
225	OPENSSL_EXPORT int EVP_CipherFinal_ex(EVP_CIPHER_CTX ctx, uint8_t out,
226	int *out_len);
227
228
229	// Cipher context accessors.
230
231	// EVP_CIPHER_CTX_cipher returns the \|EVP_CIPHER\| underlying \|ctx\|, or NULL if
232	// none has been set.
233	OPENSSL_EXPORT const EVP_CIPHER *EVP_CIPHER_CTX_cipher(
234	const EVP_CIPHER_CTX *ctx);
235
236	// EVP_CIPHER_CTX_nid returns a NID identifying the \|EVP_CIPHER\| underlying
237	// \|ctx\| (e.g. \|NID_aes_128_gcm\|). It will crash if no cipher has been
238	// configured.
239	OPENSSL_EXPORT int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
240
241	// EVP_CIPHER_CTX_encrypting returns one if \|ctx\| is configured for encryption
242	// and zero otherwise.
243	OPENSSL_EXPORT int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
244
245	// EVP_CIPHER_CTX_block_size returns the block size, in bytes, of the cipher
246	// underlying \|ctx\|, or one if the cipher is a stream cipher. It will crash if
247	// no cipher has been configured.
248	OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
249
250	// EVP_CIPHER_CTX_key_length returns the key size, in bytes, of the cipher
251	// underlying \|ctx\| or zero if no cipher has been configured.
252	OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
253
254	// EVP_CIPHER_CTX_iv_length returns the IV size, in bytes, of the cipher
255	// underlying \|ctx\|. It will crash if no cipher has been configured.
256	OPENSSL_EXPORT unsigned EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
257
258	// EVP_CIPHER_CTX_get_app_data returns the opaque, application data pointer for
259	// \|ctx\|, or NULL if none has been set.
260	OPENSSL_EXPORT void EVP_CIPHER_CTX_get_app_data(const* EVP_CIPHER_CTX *ctx);
261
262	// EVP_CIPHER_CTX_set_app_data sets the opaque, application data pointer for
263	// \|ctx\| to \|data\|.
264	OPENSSL_EXPORT void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx,
265	void *data);
266
267	// EVP_CIPHER_CTX_flags returns a value which is the OR of zero or more
268	// \|EVP_CIPH_\| flags. It will crash if no cipher has been configured.*
269	OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
270
271	// EVP_CIPHER_CTX_mode returns one of the \|EVP_CIPH_\| cipher mode values*
272	// enumerated below. It will crash if no cipher has been configured.
273	OPENSSL_EXPORT uint32_t EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx);
274
275	// EVP_CIPHER_CTX_ctrl is an \|ioctl\| like function. The \|command\| argument
276	// should be one of the \|EVP_CTRL_\| values. The \|arg\| and \|ptr\| arguments are*
277	// specific to the command in question.
278	OPENSSL_EXPORT int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX ctx, int* command,
279	int arg, void *ptr);
280
281	// EVP_CIPHER_CTX_set_padding sets whether padding is enabled for \|ctx\| and
282	// returns one. Pass a non-zero \|pad\| to enable padding (the default) or zero
283	// to disable.
284	OPENSSL_EXPORT int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX ctx, int* pad);
285
286	// EVP_CIPHER_CTX_set_key_length sets the key length for \|ctx\|. This is only
287	// valid for ciphers that can take a variable length key. It returns one on
288	// success and zero on error.
289	OPENSSL_EXPORT int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *ctx,
290	unsigned key_len);
291
292
293	// Cipher accessors.
294
295	// EVP_CIPHER_nid returns a NID identifying \|cipher\|. (For example,
296	// \|NID_aes_128_gcm\|.)
297	OPENSSL_EXPORT int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
298
299	// EVP_CIPHER_block_size returns the block size, in bytes, for \|cipher\|, or one
300	// if \|cipher\| is a stream cipher.
301	OPENSSL_EXPORT unsigned EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
302
303	// EVP_CIPHER_key_length returns the key size, in bytes, for \|cipher\|. If
304	// \|cipher\| can take a variable key length then this function returns the
305	// default key length and \|EVP_CIPHER_flags\| will return a value with
306	// \|EVP_CIPH_VARIABLE_LENGTH\| set.
307	OPENSSL_EXPORT unsigned EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
308
309	// EVP_CIPHER_iv_length returns the IV size, in bytes, of \|cipher\|, or zero if
310	// \|cipher\| doesn't take an IV.
311	OPENSSL_EXPORT unsigned EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
312
313	// EVP_CIPHER_flags returns a value which is the OR of zero or more
314	// \|EVP_CIPH_\| flags.*
315	OPENSSL_EXPORT uint32_t EVP_CIPHER_flags(const EVP_CIPHER *cipher);
316
317	// EVP_CIPHER_mode returns one of the cipher mode values enumerated below.
318	OPENSSL_EXPORT uint32_t EVP_CIPHER_mode(const EVP_CIPHER *cipher);
319
320
321	// Key derivation.
322
323	// EVP_BytesToKey generates a key and IV for the cipher \|type\| by iterating
324	// \|md\| \|count\| times using \|data\| and \|salt\|. On entry, the \|key\| and \|iv\|
325	// buffers must have enough space to hold a key and IV for \|type\|. It returns
326	// the length of the key on success or zero on error.
327	OPENSSL_EXPORT int EVP_BytesToKey(const EVP_CIPHER type, const* EVP_MD *md,
328	const uint8_t salt, const* uint8_t *data,
329	size_t data_len, unsigned count, uint8_t *key,
330	uint8_t *iv);
331
332
333	// Cipher modes (for \|EVP_CIPHER_mode\|).
334
335	#define EVP_CIPH_STREAM_CIPHER 0x0
336	#define EVP_CIPH_ECB_MODE 0x1
337	#define EVP_CIPH_CBC_MODE 0x2
338	#define EVP_CIPH_CFB_MODE 0x3
339	#define EVP_CIPH_OFB_MODE 0x4
340	#define EVP_CIPH_CTR_MODE 0x5
341	#define EVP_CIPH_GCM_MODE 0x6
342	#define EVP_CIPH_XTS_MODE 0x7
343
344	// The following values are never returned from \|EVP_CIPHER_mode\| and are
345	// included only to make it easier to compile code with BoringSSL.
346	#define EVP_CIPH_CCM_MODE 0x8
347	#define EVP_CIPH_OCB_MODE 0x9
348	#define EVP_CIPH_WRAP_MODE 0xa
349
350
351	// Cipher flags (for \|EVP_CIPHER_flags\|).
352
353	// EVP_CIPH_VARIABLE_LENGTH indicates that the cipher takes a variable length
354	// key.
355	#define EVP_CIPH_VARIABLE_LENGTH 0x40
356
357	// EVP_CIPH_ALWAYS_CALL_INIT indicates that the \|init\| function for the cipher
358	// should always be called when initialising a new operation, even if the key
359	// is NULL to indicate that the same key is being used.
360	#define EVP_CIPH_ALWAYS_CALL_INIT 0x80
361
362	// EVP_CIPH_CUSTOM_IV indicates that the cipher manages the IV itself rather
363	// than keeping it in the \|iv\| member of \|EVP_CIPHER_CTX\|.
364	#define EVP_CIPH_CUSTOM_IV 0x100
365
366	// EVP_CIPH_CTRL_INIT indicates that EVP_CTRL_INIT should be used when
367	// initialising an \|EVP_CIPHER_CTX\|.
368	#define EVP_CIPH_CTRL_INIT 0x200
369
370	// EVP_CIPH_FLAG_CUSTOM_CIPHER indicates that the cipher manages blocking
371	// itself. This causes EVP_(En\|De)crypt_ex to be simple wrapper functions.
372	#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x400
373
374	// EVP_CIPH_FLAG_AEAD_CIPHER specifies that the cipher is an AEAD. This is an
375	// older version of the proper AEAD interface. See aead.h for the current
376	// one.
377	#define EVP_CIPH_FLAG_AEAD_CIPHER 0x800
378
379	// EVP_CIPH_CUSTOM_COPY indicates that the \|ctrl\| callback should be called
380	// with \|EVP_CTRL_COPY\| at the end of normal \|EVP_CIPHER_CTX_copy\|
381	// processing.
382	#define EVP_CIPH_CUSTOM_COPY 0x1000
383
384	// EVP_CIPH_FLAG_NON_FIPS_ALLOW is meaningless. In OpenSSL it permits non-FIPS
385	// algorithms in FIPS mode. But BoringSSL FIPS mode doesn't prohibit algorithms
386	// (it's up the the caller to use the FIPS module in a fashion compliant with
387	// their needs). Thus this exists only to allow code to compile.
388	#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0
389
390
391	// Deprecated functions
392
393	// EVP_CipherInit acts like EVP_CipherInit_ex except that \|EVP_CIPHER_CTX_init\|
394	// is called on \|cipher\| first, if \|cipher\| is not NULL.
395	OPENSSL_EXPORT int EVP_CipherInit(EVP_CIPHER_CTX ctx, const* EVP_CIPHER *cipher,
396	const uint8_t key, const* uint8_t *iv,
397	int enc);
398
399	// EVP_EncryptInit calls \|EVP_CipherInit\| with \|enc\| equal to one.
400	OPENSSL_EXPORT int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,
401	const EVP_CIPHER cipher, const* uint8_t *key,
402	const uint8_t *iv);
403
404	// EVP_DecryptInit calls \|EVP_CipherInit\| with \|enc\| equal to zero.
405	OPENSSL_EXPORT int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,
406	const EVP_CIPHER cipher, const* uint8_t *key,
407	const uint8_t *iv);
408
409	// EVP_CipherFinal calls \|EVP_CipherFinal_ex\|.
410	OPENSSL_EXPORT int EVP_CipherFinal(EVP_CIPHER_CTX ctx, uint8_t out,
411	int *out_len);
412
413	// EVP_EncryptFinal calls \|EVP_EncryptFinal_ex\|.
414	OPENSSL_EXPORT int EVP_EncryptFinal(EVP_CIPHER_CTX ctx, uint8_t out,
415	int *out_len);
416
417	// EVP_DecryptFinal calls \|EVP_DecryptFinal_ex\|.
418	OPENSSL_EXPORT int EVP_DecryptFinal(EVP_CIPHER_CTX ctx, uint8_t out,
419	int *out_len);
420
421	// EVP_Cipher historically exposed an internal implementation detail of \|ctx\|
422	// and should not be used. Use \|EVP_CipherUpdate\| and \|EVP_CipherFinal_ex\|
423	// instead.
424	//
425	// If \|ctx\|'s cipher does not have the \|EVP_CIPH_FLAG_CUSTOM_CIPHER\| flag, it
426	// encrypts or decrypts \|in_len\| bytes from \|in\| and writes the resulting
427	// \|in_len\| bytes to \|out\|. It returns one on success and zero on error.
428	// \|in_len\| must be a multiple of the cipher's block size, or the behavior is
429	// undefined.
430	//
431	// TODO(davidben): Rather than being undefined (it'll often round the length up
432	// and likely read past the buffer), just fail the operation.
433	//
434	// If \|ctx\|'s cipher has the \|EVP_CIPH_FLAG_CUSTOM_CIPHER\| flag, it runs in one
435	// of two modes: If \|in\| is non-NULL, it behaves like \|EVP_CipherUpdate\|. If
436	// \|in\| is NULL, it behaves like \|EVP_CipherFinal_ex\|. In both cases, it returns
437	// \|out_len\| on success and -1 on error.*
438	//
439	// WARNING: The two possible calling conventions of this function signal errors
440	// incompatibly. In the first, zero indicates an error. In the second, zero
441	// indicates success with zero bytes of output.
442	OPENSSL_EXPORT int EVP_Cipher(EVP_CIPHER_CTX ctx, uint8_t out,
443	const uint8_t *in, size_t in_len);
444
445	// EVP_add_cipher_alias does nothing and returns one.
446	OPENSSL_EXPORT int EVP_add_cipher_alias(const char a, const* char *b);
447
448	// EVP_get_cipherbyname returns an \|EVP_CIPHER\| given a human readable name in
449	// \|name\|, or NULL if the name is unknown. Note using this function links almost
450	// every cipher implemented by BoringSSL into the binary, not just the ones the
451	// caller requests. Size-conscious callers, such as client software, should not
452	// use this function.
453	OPENSSL_EXPORT const EVP_CIPHER EVP_get_cipherbyname(const* char *name);
454
455	// These AEADs are deprecated AES-GCM implementations that set
456	// \|EVP_CIPH_FLAG_CUSTOM_CIPHER\|. Use \|EVP_aead_aes_128_gcm\| and
457	// \|EVP_aead_aes_256_gcm\| instead.
458	//
459	// WARNING: Although these APIs allow streaming an individual AES-GCM operation,
460	// this is not secure. Until calling \|EVP_DecryptFinal_ex\|, the tag has not yet
461	// been checked and output released by \|EVP_DecryptUpdate\| is unauthenticated
462	// and easily manipulated by attackers. Callers must buffer the output and may
463	// not act on it until the entire operation is complete.
464	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_128_gcm(void*);
465	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_gcm(void*);
466
467	// These are deprecated, 192-bit version of AES.
468	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_192_ecb(void*);
469	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_192_cbc(void*);
470	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_192_ctr(void*);
471	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_192_gcm(void*);
472	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_192_ofb(void*);
473
474	// EVP_des_ede3_ecb is an alias for \|EVP_des_ede3\|. Use the former instead.
475	OPENSSL_EXPORT const EVP_CIPHER EVP_des_ede3_ecb(void*);
476
477	// EVP_aes_128_cfb128 is only available in decrepit.
478	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_128_cfb128(void*);
479
480	// EVP_aes_128_cfb is an alias for \|EVP_aes_128_cfb128\| and is only available in
481	// decrepit.
482	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_128_cfb(void*);
483
484	// EVP_aes_192_cfb128 is only available in decrepit.
485	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_192_cfb128(void*);
486
487	// EVP_aes_192_cfb is an alias for \|EVP_aes_192_cfb128\| and is only available in
488	// decrepit.
489	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_192_cfb(void*);
490
491	// EVP_aes_256_cfb128 is only available in decrepit.
492	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_cfb128(void*);
493
494	// EVP_aes_256_cfb is an alias for \|EVP_aes_256_cfb128\| and is only available in
495	// decrepit.
496	OPENSSL_EXPORT const EVP_CIPHER EVP_aes_256_cfb(void*);
497
498	// EVP_bf_ecb is Blowfish in ECB mode and is only available in decrepit.
499	OPENSSL_EXPORT const EVP_CIPHER EVP_bf_ecb(void*);
500
501	// EVP_bf_cbc is Blowfish in CBC mode and is only available in decrepit.
502	OPENSSL_EXPORT const EVP_CIPHER EVP_bf_cbc(void*);
503
504	// EVP_bf_cfb is Blowfish in 64-bit CFB mode and is only available in decrepit.
505	OPENSSL_EXPORT const EVP_CIPHER EVP_bf_cfb(void*);
506
507	// EVP_cast5_ecb is CAST5 in ECB mode and is only available in decrepit.
508	OPENSSL_EXPORT const EVP_CIPHER EVP_cast5_ecb(void*);
509
510	// EVP_cast5_cbc is CAST5 in CBC mode and is only available in decrepit.
511	OPENSSL_EXPORT const EVP_CIPHER EVP_cast5_cbc(void*);
512
513	// The following flags do nothing and are included only to make it easier to
514	// compile code with BoringSSL.
515	#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0
516
517	// EVP_CIPHER_CTX_set_flags does nothing.
518	OPENSSL_EXPORT void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx,
519	uint32_t flags);
520
521
522	// Private functions.
523
524	// EVP_CIPH_NO_PADDING disables padding in block ciphers.
525	#define EVP_CIPH_NO_PADDING 0x800
526
527	// The following are \|EVP_CIPHER_CTX_ctrl\| commands.
528	#define EVP_CTRL_INIT 0x0
529	#define EVP_CTRL_SET_KEY_LENGTH 0x1
530	#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
531	#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
532	#define EVP_CTRL_GET_RC5_ROUNDS 0x4
533	#define EVP_CTRL_SET_RC5_ROUNDS 0x5
534	#define EVP_CTRL_RAND_KEY 0x6
535	#define EVP_CTRL_PBE_PRF_NID 0x7
536	#define EVP_CTRL_COPY 0x8
537	#define EVP_CTRL_AEAD_SET_IVLEN 0x9
538	#define EVP_CTRL_AEAD_GET_TAG 0x10
539	#define EVP_CTRL_AEAD_SET_TAG 0x11
540	#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
541	#define EVP_CTRL_GCM_IV_GEN 0x13
542	#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17
543	// EVP_CTRL_GCM_SET_IV_INV sets the GCM invocation field, decrypt only
544	#define EVP_CTRL_GCM_SET_IV_INV 0x18
545
546	// The following constants are unused.
547	#define EVP_GCM_TLS_FIXED_IV_LEN 4
548	#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8
549	#define EVP_GCM_TLS_TAG_LEN 16
550
551	// The following are legacy aliases for AEAD \|EVP_CIPHER_CTX_ctrl\| values.
552	#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
553	#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
554	#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
555	#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
556
557	#define EVP_MAX_KEY_LENGTH 64
558	#define EVP_MAX_IV_LENGTH 16
559	#define EVP_MAX_BLOCK_LENGTH 32
560
561	struct evp_cipher_ctx_st {
562	// cipher contains the underlying cipher for this context.
563	const EVP_CIPHER *cipher;
564
565	// app_data is a pointer to opaque, user data.
566	void app_data; // application stuff*
567
568	// cipher_data points to the \|cipher\| specific state.
569	void *cipher_data;
570
571	// key_len contains the length of the key, which may differ from
572	// \|cipher->key_len\| if the cipher can take a variable key length.
573	unsigned key_len;
574
575	// encrypt is one if encrypting and zero if decrypting.
576	int encrypt;
577
578	// flags contains the OR of zero or more \|EVP_CIPH_\| flags, above.*
579	uint32_t flags;
580
581	// oiv contains the original IV value.
582	uint8_t oiv[EVP_MAX_IV_LENGTH];
583
584	// iv contains the current IV value, which may have been updated.
585	uint8_t iv[EVP_MAX_IV_LENGTH];
586
587	// buf contains a partial block which is used by, for example, CTR mode to
588	// store unused keystream bytes.
589	uint8_t buf[EVP_MAX_BLOCK_LENGTH];
590
591	// buf_len contains the number of bytes of a partial block contained in
592	// \|buf\|.
593	int buf_len;
594
595	// num contains the number of bytes of \|iv\| which are valid for modes that
596	// manage partial blocks themselves.
597	unsigned num;
598
599	// final_used is non-zero if the \|final\| buffer contains plaintext.
600	int final_used;
601
602	uint8_t final[EVP_MAX_BLOCK_LENGTH]; // possible final block
603
604	// Has this structure been rendered unusable by a failure.
605	int poisoned;
606	} / EVP_CIPHER_CTX /;
607
608	typedef struct evp_cipher_info_st {
609	const EVP_CIPHER *cipher;
610	unsigned char iv[EVP_MAX_IV_LENGTH];
611	} EVP_CIPHER_INFO;
612
613
614	#if defined(__cplusplus)
615	} // extern C
616
617	#if !defined(BORINGSSL_NO_CXX)
618	extern "C++" {
619
620	BSSL_NAMESPACE_BEGIN
621
622	BORINGSSL_MAKE_DELETER(EVP_CIPHER_CTX, EVP_CIPHER_CTX_free)
623
624	using ScopedEVP_CIPHER_CTX =
625	internal::StackAllocated<EVP_CIPHER_CTX, int, EVP_CIPHER_CTX_init,
626	EVP_CIPHER_CTX_cleanup>;
627
628	BSSL_NAMESPACE_END
629
630	} // extern C++
631	#endif
632
633	#endif
634
635	#define CIPHER_R_AES_KEY_SETUP_FAILED 100
636	#define CIPHER_R_BAD_DECRYPT 101
637	#define CIPHER_R_BAD_KEY_LENGTH 102
638	#define CIPHER_R_BUFFER_TOO_SMALL 103
639	#define CIPHER_R_CTRL_NOT_IMPLEMENTED 104
640	#define CIPHER_R_CTRL_OPERATION_NOT_IMPLEMENTED 105
641	#define CIPHER_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 106
642	#define CIPHER_R_INITIALIZATION_ERROR 107
643	#define CIPHER_R_INPUT_NOT_INITIALIZED 108
644	#define CIPHER_R_INVALID_AD_SIZE 109
645	#define CIPHER_R_INVALID_KEY_LENGTH 110
646	#define CIPHER_R_INVALID_NONCE_SIZE 111
647	#define CIPHER_R_INVALID_OPERATION 112
648	#define CIPHER_R_IV_TOO_LARGE 113
649	#define CIPHER_R_NO_CIPHER_SET 114
650	#define CIPHER_R_OUTPUT_ALIASES_INPUT 115
651	#define CIPHER_R_TAG_TOO_LARGE 116
652	#define CIPHER_R_TOO_LARGE 117
653	#define CIPHER_R_UNSUPPORTED_AD_SIZE 118
654	#define CIPHER_R_UNSUPPORTED_INPUT_SIZE 119
655	#define CIPHER_R_UNSUPPORTED_KEY_SIZE 120
656	#define CIPHER_R_UNSUPPORTED_NONCE_SIZE 121
657	#define CIPHER_R_UNSUPPORTED_TAG_SIZE 122
658	#define CIPHER_R_WRONG_FINAL_BLOCK_LENGTH 123
659	#define CIPHER_R_NO_DIRECTION_SET 124
660	#define CIPHER_R_INVALID_NONCE 125
661
662	#endif // OPENSSL_HEADER_CIPHER_H
663

source code of flutter_engine/third_party/boringssl/src/include/openssl/cipher.h